b7472c09abbf1f5b3b45f1515fb7be42_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b7472c09abbf1f5b3b45f1515fb7be42_JaffaCakes118
Size

52KB
MD5

b7472c09abbf1f5b3b45f1515fb7be42
SHA1

13a22f08cc5e6696172cebf2d5c9e1e8add0b102
SHA256

17bd6d0789c22abe6ac3e9764dba35704217269c7094e0d5824b14e6fc7eec07
SHA512

b94a9be05b45dc6078d5bd963319a318b4d02949e9d8de3b10d1288394c0c5aa1e52ef3fff92d55ac8a5a9b191ebd34092a2b0fbff68a268ff13f2f7c28e21ae
SSDEEP

1536:MhIDjYAYiXGKVaLsBrCc9bY7WzOYuhYGnwaLRYVkistnqXyXCV:MhIXllbOtAGwDkiEnqX6CV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7472c09abbf1f5b3b45f1515fb7be42_JaffaCakes118

Files

b7472c09abbf1f5b3b45f1515fb7be42_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8659e9a698051324f53c0ae3f1342086

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryA
MoveFileA
DeleteFileA
SetFileAttributesA
WritePrivateProfileStringA
GetProcAddress
LoadLibraryA
Sleep
GetCurrentProcessId
RemoveDirectoryA
CreateThread
FindNextFileA
GetPrivateProfileStringA
CreateProcessA
WideCharToMultiByte
ExitProcess
LocalFree
Process32Next
Process32First
CreateDirectoryA
FreeLibrary
GetCommandLineW
WaitForSingleObject
CloseHandle
GetExitCodeProcess
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
HeapDestroy
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
FindFirstFileA

advapi32

SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
SetNamedSecurityInfoA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA

shell32

SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

CoInitialize
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear
SysStringLen
LoadRegTypeLi
SysFreeString

msvcrt

strrchr
_stricmp
_strlwr
_adjust_fdiv
malloc
_initterm
free
fopen
fseek
ftell
fread
fclose
_wcslwr
wcsstr
atoi
_access
memcpy
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
memcmp
strstr
memset
sprintf
strlen
strcmp
_strupr
strncpy
strchr
strncmp
strcpy
strcat

shlwapi

SHDeleteValueA
SHDeleteKeyA
SHSetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetObjectType
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

idata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8659e9a698051324f53c0ae3f1342086

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

idata Size: 4KB - Virtual size: 4B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

idata
Size: 4KB - Virtual size: 4B

.reloc
Size: 4KB - Virtual size: 2KB